IBM Aspera buffer overflow
CVE-2023-27285

7.8HIGH

Key Information:

Vendor: IBM
Status: Aspera Connect; Aspera Cargo
Vendor: CVE Published:; 5 June 2023

What is CVE-2023-27285?

IBM Aspera Connect and Aspera Cargo versions 4.2.5 are affected by a buffer overflow vulnerability due to improper bounds checking. This weakness allows an attacker to overflow a buffer, potentially enabling the execution of arbitrary code on the affected system. Timely patching and adherence to security best practices are essential for mitigating the risks associated with this vulnerability.

Affected Version(s)

Aspera Cargo 4.2.5

Aspera Connect 4.2.5

References

https://www.ibm.com/support/pages/node/7001053

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/248625

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2023
Vulnerability Reserved
Feb 27, 2023